From 5efa8fb457700ad4b3a798591158ed0cbde0d0f1 Mon Sep 17 00:00:00 2001 From: Weston Steimel Date: Tue, 8 Oct 2024 10:55:47 +0100 Subject: [PATCH] add CVE-2024-47913 for mediawiki abusefilter extension Signed-off-by: Weston Steimel --- data/anchore/2024/CVE-2024-47913.json | 48 +++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 data/anchore/2024/CVE-2024-47913.json diff --git a/data/anchore/2024/CVE-2024-47913.json b/data/anchore/2024/CVE-2024-47913.json new file mode 100644 index 00000000..7bda1ceb --- /dev/null +++ b/data/anchore/2024/CVE-2024-47913.json @@ -0,0 +1,48 @@ +{ + "additionalMetadata": { + "cna": "mitre", + "cveId": "CVE-2024-47913", + "description": "An issue was discovered in the AbuseFilter extension for MediaWiki before 1.39.9, 1.40.x and 1.41.x before 1.41.3, and 1.42.x before 1.42.2. An API caller can match a filter condition against AbuseFilter logs even if the caller is not authorized to view the log details for the filter.", + "reason": "Added CPE configurations because not yet analyzed by NVD.", + "references": [ + "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/AbuseFilter/+/1076855", + "https://phabricator.wikimedia.org/T372998" + ] + }, + "adp": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:mediawiki:abusefilter:*:*:*:*:*:mediawiki:*:*" + ], + "product": "AbuseFilter", + "repo": "https://gerrit.wikimedia.org/r/mediawiki/extensions/AbuseFilter", + "vendor": "MediaWiki", + "versions": [ + { + "lessThan": "1.39.9", + "status": "affected", + "version": "0", + "versionType": "custom" + }, + { + "lessThan": "1.41.3", + "status": "affected", + "version": "1.40", + "versionType": "custom" + }, + { + "lessThan": "1.42.2", + "status": "affected", + "version": "1.42", + "versionType": "custom" + } + ] + } + ], + "providerMetadata": { + "orgId": "00000000-0000-4000-8000-000000000000", + "shortName": "anchoreadp" + } + } +} \ No newline at end of file